
CVE-2025-49157 – Trend Micro Apex One Damage Cleanup Engine Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-49157
11 Jun 2025 — Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... The specific flaw exists within the Damage Cleanup Engine, which runs within the Trend Micro Common Client Real-time Scan Service. ... An attacker can leverage this vulnerability to escalate privileg... • https://success.trendmicro.com/en-US/solution/KA-0019917 • CWE-269: Improper Privilege Management •

CVE-2025-49158 – Trend Micro Apex One Security Agent ntrmv Uncontrolled Search Path Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-49158
11 Jun 2025 — Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/en-US/solution/KA-0019917 • CWE-427: Uncontrolled Search Path Element •

CVE-2025-49212 – Trend Micro Endpoint Encryption DeserializeFromBase64String Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49212
11 Jun 2025 — An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Endpoint Encryption. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://success.trendmicro.com/en-US/solution/KA-0019928 • CWE-477: Use of Obsolete Function •

CVE-2025-49213 – Trend Micro Endpoint Encryption PolicyServerWindowsService Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49213
11 Jun 2025 — An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Endpoint Encryption. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://success.trendmicro.com/en-US/solution/KA-0019928 • CWE-477: Use of Obsolete Function •

CVE-2025-49217 – Trend Micro Endpoint Encryption ValidateToken Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49217
11 Jun 2025 — An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Endpoint Encryption. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://success.trendmicro.com/en-US/solution/KA-0019928 • CWE-477: Use of Obsolete Function •

CVE-2025-49219 – Trend Micro Apex Central GetReportDetailView Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49219
11 Jun 2025 — An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. ... An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. • https://success.trendmicro.com/en-US/solution/KA-0019926 • CWE-477: Use of Obsolete Function •

CVE-2025-49220 – Trend Micro Apex Central ConvertFromJson Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49220
11 Jun 2025 — An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. ... An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. • https://success.trendmicro.com/en-US/solution/KA-0019926 • CWE-477: Use of Obsolete Function •

CVE-2025-49251 – WordPress Fana <= 1.1.28 - Local File Inclusion Vulnerability
https://notcve.org/view.php?id=CVE-2025-49251
11 Jun 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana allows PHP Local File Inclusion. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types c... • https://patchstack.com/database/wordpress/theme/fana/vulnerability/wordpress-fana-1-1-28-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVE-2025-49252 – WordPress Besa <= 2.3.8 - Local File Inclusion Vulnerability
https://notcve.org/view.php?id=CVE-2025-49252
11 Jun 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa allows PHP Local File Inclusion. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types c... • https://patchstack.com/database/wordpress/theme/besa/vulnerability/wordpress-besa-2-3-8-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVE-2025-49253 – WordPress Lasa <= 1.1 - Local File Inclusion Vulnerability
https://notcve.org/view.php?id=CVE-2025-49253
11 Jun 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Lasa allows PHP Local File Inclusion. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types c... • https://patchstack.com/database/wordpress/theme/lasa/vulnerability/wordpress-lasa-1-1-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •